The Importance of Cybersecurity in 2019
Updated: November 13, 2020All individual and businesses should ensure that they are up to date with the latest cyber security threats and take the best measures to protect against cyber attacks.
Over the past few decades, technology has become a great part of our lives.
Not only we use technology for most day to day activities such as staying in touch with our friends and shopping for our favorite products online, but most workplaces also use technology on a regular basis.
We rely on being connected all the time so we can exchange information, documents, collaborate, and even making money transactions.
We must also be aware of the fact that technology and the internet also opens a door for cybercriminals to exploit vulnerabilities and interfere with our data exchange.
And a cyber attack can have disastrous consequences.
While for users getting hacked can result in having private information stolen and being used for identity theft and other fraudulent activities, for businesses the attack can end in data leaks, sensitive information made public, and huge financial losses. And no business is too small to become the target of a cyber attack.
If you're an internet user, you should learn about the importance of cybersecurity by familiarizing yourself with the most common cyber threats and what are the best practices to protect yourself in the digital world.
The most common cyber attacks
When a business falls victim of a cyber attack, it can result in lost information, software, damaged system or website. Cyber attacks can be conducted through various methods and here are the most common.
- Phishing - Phishing is the oldest method of attack yet, the most common and efficient to this day. It refers to an attacker sending a fake email to the victim impersonating someone else (often a trustworthy company or entity such as a Bank or Insurance company). The goal is to gain the trust of the victim so s/he will provide sensitive information.
- Vishing - Vishing is similar to Phishing the only difference being that the attacker will use the phone instead of emails. This method is also known as Voice Phishing.
- Smishing - This is another method of cyber attack that takes the form of SMS Phishing. The attacker sends a text message that looks like coming from your bank for example, and you'll be required to provide personal information or to call a specific number to verify your identity.
- Whaling - This type of phishing targets the leaders in a company, such as CEOs. The attacker's goal is to gather financial information or other sensitive business information.
- Spear Phishing - Spear Phishing targets specific organizations or individuals. Unlike regular phishing attacks, in spear phishing, the messages usually appear to come from an individual with a position of authority in the company or from someone the target knows personally.
Even a small piece of information, such as a password to an account can give attackers the opportunity to access much more data. They can even gain access to encrypted data or networks.
The first step to protecting yourself against cyber attacks is to understand the different types of phishing and social engineering techniques attackers use for stealing private information.
Cybersecurity statistics
To better understand the increase of hacked and breached data and how important it is for companies to protect their data and take the best cybersecurity practices, let's take a look over some cybersecurity statistics.
- 412 million user accounts were stolen from Friendfinder's sites in 2017.
- The information of over 57 million riders an drivers of Uber was stolen in 2016.
- 147.9 million consumers were affected by the Equifax Breach in 2017.
- Based on 2017 statistics, there are over 130 large-scale breaches in the US per year. This number is also increasing by 27% per year.
- 31% of organizations have experienced cyber attacks.
- In 2017, attacks involving crypto jacking increased by 8,500%.
- Around 24,000 malicious mobile apps are blocked every day.
- Lifestyle apps are the app categories with most cybersecurity issues. They account for 27% of malicious apps.
- 38% of malicious file extensions are Microsoft Office files (Excel, Word, PowerPoint).
- $2.4 million is the average cost of a malware attack on a company.
- Cybersecurity costs increased by 22.7% from 2016 to 2017.
- 43% of the costs of a cyber attack is represented by information loss.
Cybersecurity threats
Data Leaks
One of the most dangerous threats to cybersecurity is data leaks. They refer to the event of information being accessed without authorization and they can be highly damaging to both individual and businesses.
While for individuals a data breach can end up by having personal information stole and becoming the victim of identity theft or other financial attacks, for businesses a data breach can turn up to be extremely costly.
Businesses hold lots of data, from employees information to customers' insights. This information can include full names, credit card numbers, and even Social Security numbers.
The global average cost of a data breach was reported to be $3.86 million in 2018, up 6.4% from 2017.
Companies are increasing their security measures to better protect their users' data. Most states also have laws and regulations in place that require companies to take certain steps in case of a data breach, for example, to notify the users if their personal information has been compromised.
But, as an internet user, you shouldn't only rely on companies to keep your data safe. You should also stay alert and take preventive measures to protect your private information.
Ransomware
Ransomware is a common cybersecurity threat. It is a type of malware that encrypts the data on a computer and the owner is not able to get back the access to the data without paying the ransom the attacker requests.
One of the best practices for individual and businesses to minimize the effects of a ransomware attack is to also store their sensitive data on cloud storage. Still, with the increase of technology, cloud storage is not bulletproof either anymore. It's best to store the data in various places, including an external hard drive that attackers can't get access to.
Another crucial aspect for businesses to protecting against ransomware is to invest in proper antivirus software and keep it updated at all times. Mind that not all antivirus software is able to cope with ransomware malware so it's important to conduct thorough research before deciding on a product.
Advanced social engineering
Phishing is the oldest type of cyber attack and it has been around since the '70s. And, while technology has advanced, so did the techniques phishing attacks are conducted.
Phishing refers to the process of impersonating someone else in an attempt to steal someone's private information with the purpose of exploiting it for fraudulent activities. Because nowadays artificial intelligence has risen, attackers no longer rely on being personally involved in such attacks but they can even automate them.
There are more best practices on protecting against phishing attacks and the most important one is common sense. Businesses should instruct their employees not to open or interact with suspicious emails that ask for private information. Another important aspect is for businesses and individuals to limit the amount of private information they share online as an attacker can use this data to create a more convincing act when contacting the victim.
Advanced hacking tools
The hacking tools criminals use for cyber attacks have advanced over time. This makes hacking tools widely available for anyone to use, which makes cybersecurity threats to grow in number.
Nowadays, even low experienced cybercriminals can find a wide range of hacking tools and programs online and conduct an attack with a minimum of knowledge.
The methods of gaining access to a computer network or system have also become more sophisticated. Because nowadays most businesses have a website or an externally exposed system, this gives attackers more entry points into internal networks.
IoT devices
IoT (Internet of Things) devices are devices connected wirelessly to a network so they can exchange data between them. Some examples of IoT devices include speaker systems, cars, electronic appliances, security systems, and much more. They are becoming more and more common in both homes and offices.
While offering a high level of control and accessibility and simplifying and speeding up tasks, they can also be a threat to cybersecurity. Each IoT device that connects to the internet can provide a way for attackers to get into a business if not managed properly.
To name a few IoT security attack scenarios, take a look at this quote by James Scott from the Institute for Critical Infrastructure Technology:
Without layered security of the IoT microcosms, hacktivists can disrupt business operations, cyber-criminals can compromise and ransom pacemakers, and cyber-jihadists or nation-state sponsored threats can compromise and control the grid.
It has been estimated by Cisco that 27.1 billion devices will be connected globally by 2021. So it's highly important for both businesses and individuals to only purchase the more secure and resilient devices, to harden the default settings, and to protect the devices behind a thick layer of security.
The GDPR regulation
Not only becoming the victim of a cyber attack can result in a financial loss for businesses. A data breach can also have legal consequences due to the GDPR regulation.
The GDPR (General Data Protection Regulation) regulation has been implemented by the EU (European Union) with the purpose of tightening the privacy and security of European users. It forces organizations to improve their security measures or else they can face heavy fines.
Businesses should invest in cybersecurity more than ever before so they protect their users and customers private data.
Best practices for cybersecurity
The tools and methods hackers use to conduct a cyber attack have become more sophisticated as the internet has grown. It is way easier for hackers to attack a business or an individual nowadays. This is highly important you take the right cybersecurity precaution measures to protect your business or computer.
For effective cybersecurity, you must go beyond only protection the network. Although sometimes hackers do attack networks, it's easier for them to target a website or a server.
These are the minimum requirements for cybersecurity:
- Endpoint protection - This is a security management software that protects a computer network. The components involved in an endpoint security management system include a VPN (Virtual Private Network), an operating system, and updated antivirus software.
- Firewall - The firewall acts as a shield between computers and the internet, analyzing all the outgoing and ongoing traffic and restricting the data packets that do not comply with the set up security rules.
- Intrusion Detection System (IDS) - It is a software application or a device that monitors the network or the system for any malicious activity. Any malicious activity is reported to the administrator or collected using a security information and event management system. IDs can be used from single computers to large networks.
- Web Filtering System - This is used to prevent users from accessing harmful websites before the malware gets to attack their computers.
- Encryption - To secure private information, business sensitive files, and user's information, it's important that the data is encrypted. Even if someone manages to steal encrypted information, they won't be able to read it without the decryption key.
Conclusion
A lack of interest in cybersecurity can turn out to be highly damaging for both individuals and businesses.
As an individual, you can become the victim of identity theft or other cyber scams if you don't take any cybersecurity measure to protect your personal information.
For businesses, becoming the target of a cyber attack can result in financial loss, stolen corporate information, affected systems, and even reputational damage. here are also legal consequences in case of a data breach if you fail to manage your customers' private information.
All individual and businesses should ensure that they are up to date with the latest cyber security threats and take the best measures to protect against cyber attacks.